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This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 



of a software object, the method comprising: 

receiving a specification indicative of requirements for the execution of the 
software object, the specification referring to one or more components; 

generating a manifest based on said specification, including accessing said one 
or more components, said manifest comprising one or more rules governing what may be 
loaded into for ensuring integrity of an address space that is used for execution of the 
software object , the one or more rules incorporating a list of acceptable and unacceptable 
modules, wherein the acceptable modules may be executed in the address space of the 
software object and the unacceptable modules are unconditionally barred from being 
executed in the address space of the software object . 

2. (Currently Amended) The method of claim 1, wherein said specification identifies ene 
or more the acceptable and unacceptable modules, and wherein generating the manifest 
comprises including, in said manifest, the identities of the one or more the acceptable and 
unacceptable modules identified in the specification. 

3-5. (Canceled) 

6. (Currently Amended) The method of claim 2, wherein said specification indicates 
whether said manifest will contain hashes of said one or more for identifying the 
unacceptable modules. 

7. (Currently Amended) The method of claim 1, wherein said one or more components 
comprise at least one of said acceptable modules comprises a key, and wherein said 
specification indicates either that the at least one of said acceptable modules signed with said 
key may be loaded into said address space or that modules signed with said key may not be 
loaded into said address space , and wherein generating said manifest comprises: 



1. 



(Currently Amended) A method of generating a manifest that governs the execution 
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retrieving said key from a file identified in said specification; and 
including said key in said manifest. 

8. (Currently Amended) The method of claim 1, whoroin said one or more components 
comprise a module, wherein said specification indicates that said module may not be loaded 
into said address space, and wherein generating said manifest comprises: 

computing a hash of said module at least one of said unacceptable modules ; 

and 

including said hash in said manifest. 

9. (Original) The method of claim 1, wherein said generating act comprises: 

based on said specification, creating a data structure representative of said 
specification; and 

generating said manifest based on said data structure. 

10. (Currently Amended) The method of claim 1, further comprising: 

receiving a key associated with a vendor or distributor of said software object; 
signing said manifest with said key to produce a digital signature; and 
including said digital signature in said manifest. 

1 1 . (Original) The method of claim 1, further comprising: 

using a hardware security module to sign said manifest, said hardware security 
module being adapted to apply a key associated with a vendor or distributor of said software 
object without revealing said key outside said hardware security module. 

12. (Currently Amended) A computer-readable medium encoded with computer- 
executable instructions to perform a method of generating a manifest, the method comprising: 

parsing a specification of requirements to be included in the manifest, the 
requirements defining a policy that governs what can bo loaded configured to preclude 
loading of a rogue module into an address space of a software object associated with the 
manifest; 
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accessing one or more components that are identified by the specification and 
that are external to the specification; and 

generating a manifest based on at least one of the accessed objects. 

13. (Original) The computer-readable medium of claim 12, wherein said one or more 
components comprise an executable module, and wherein generating said manifest 
comprises: 

including in said manifest an identification of said executable module and an 
indication that either: 

said executable module may be loaded into said address space; or 
said executable module may not be loaded into said address space. 

14. (Currently Amended) The computer-readable medium of claim 12, wherein said 
identification of said executable rogue module is operative to perform an unauthorized 
operation on the one or more components, comprises a hash of said executable module. 

15-16. (Canceled) 

17. (Currently Amended) A method of specifying constraints on the use of software 
comprising: 



into an address space of the software, the specification referring to one or more components 
that are external to the software and external to the specification; 



creating a specification concerning for explicitly limiting what may be loaded 
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comprises rules describing explicitly limiting what may be loaded into the address space of 
the softwar e, thereby ensuring a secure address space for executing the software . 



18. (Original) The method of claim 17, wherein said one or more components comprises a 
module, wherein said specification indicates either that said module may be loaded into said 
address space or that said module may not be loaded into said address space, and wherein 
said manifest generation tool does at least one of: 

including an identifier of said module in said manifest; or 
computing a hash of said module and including the hash in said 

manifest. 

19. (Original) The method of claim 17, wherein said one or more components comprise a 
key, wherein said specification indicates either that modules signed with said key may be 
loaded into said address space or that modules signed with said key may not be loaded into 
said address space, and wherein said manifest generation tool retrieves said key from a file 
identified in said specification, and includes a certificate for said key in said manifest. 

20. (Original) The method of claim 17, wherein said manifest generation tool creates an 
intermediate data structure representative of said specification, and generates said manifest 
based on said intermediate data structure. 



21. (Original) The method of claim 17, wherein the method further comprises: 

receiving a key from further comprising: 

receiving a key associated with a vendor or distributor of the software; 
signing said manifest with said to produce a digital signature; and 
including said digital signature in said manifest. 

22. (Original) The method of claim 17, further comprising: 

using a hardware security module to sign said manifest, said hardware security 
module being adapted to apply a key associated with a vendor or distributor of the software 
without revealing said key outside said hardware security module. 
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23. (Currently Amended) A system for generating a manifest comprising: 

a first parser that receives a manifest specification indicative of requirements 
for a manifest, the first parser generating a representation of said requirements, said 
requirements relating to what may be loaded into an address space of a software object, said 
specification referring to one or more components external to said software and external to 
said specification; 

a first manifest generator that generates a manifest based on said 
representation and includes in said manifest information contained in, or computed based on, 
said one or more components ; and 

a security component that imposes a permeable barrier for selectively allowing 
acceptable modules to be loaded into the software space of the software object and blocking 
unacceptable modules from being loaded into the software space thereby preventing 
unauthorized tampering of the one or more components . 

24. (Original) The system of claim 23, wherein said one or more components comprise a 
module, and wherein said first manifest generator generates said manifest by including, in 
said manifest, a datum that identifies said module. 

25. (Previously Presented) The system of claim 24, wherein said datum comprises a hash 
of said module. 

26. (Currently Amended) The system of claim 23, wherein said one or more components 
comprise a key, wherein said specification indicates either that acceptable modules signed 
with said key may be loaded into said address space or that unacceptable modules signed 
with said key may not be loaded into said address space, and wherein said first manifest 
generator retrieves said key from a file identified in said specification and includes said key 
in said manifest. 

27. (Original) The system of claim 23, wherein said first manifest generator generates a 
digital signature for said manifest by signing said manifest with a key associated with a 
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vendor or distributor of said software object, and includes said digital signature in said 
manifest. 



28. (Canceled) 

29. (Original) The system of claim 23, further comprising: 

a second parser that receives a manifest specification indicative of 
requirements for a manifest, the second parser generating a representation of said 
requirements in the same format as said first parser, 

wherein said first parser parses specifications in a first format and second parser parses 
specifications in a second format different from said first format, and wherein first manifest 
generator generates said manifest based on a representation produced either by said first 
parser or said second parser. 

30. (Original) The system of claim 23, further comprising: 

a second manifest generator that generates a manifest based on said 
representation, wherein said first manifest generator generates a manifest in a first format and 
second manifest generator generates a manifest in a second format different from said first 
format. 

3 1 . (New) The method of claim 1 , wherein at least one of the unacceptable modules is 
identified in the list by a version number. 

32. (New) The method of claim 1, wherein at least one of the unacceptable modules is 
identified in the list by a range of version numbers. 

33. (New) The computer-readable medium of claim 12, wherein the policy comprises an 
identity of an unacceptable module that is unconditionally barred from being executed in the 
address space of the software object. 

34. (New) The computer-readable medium of claim 33, wherein the unacceptable module 

is identified in the policy by a hash identifier. 
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